menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

1M

read

290

img
dot

Image Credit: Tech Radar

Watch out - that antivirus website could be a fake, and infecting your PC with malware

  • A fake website spoofing Bitdefender antivirus has been discovered by cybersecurity researchers.
  • The malicious website delivers the VenomRAT Remote Access Trojan, used by cybercriminals to steal money.
  • The website mimics the legitimate Bitdefender download page with slight differences in wording.
  • The VenomRAT malware enables theft of credentials, access to webcams, and keystroke logging on Windows systems.

Read Full Article

like

17 Likes

source image

Medium

1M

read

418

img
dot

Image Credit: Medium

Uncle Sam’s AI Power Move: What H.R.1 Means for Investors

  • The U.S. government is making significant moves in AI with the passing of H.R.1, providing funding, focus, and regulatory support for the tech industry.
  • Key highlights include over $470 million in DoD AI and Cyber Defense funding, a $12.5 million Medicare Anti-Fraud AI Pilot, and emphasis on third-party vendors and machine learning.
  • This centralized approach eliminates state-level challenges and offers a clear regulatory path for AI technologies to thrive.
  • The government's increased involvement in AI could signal potential growth opportunities in the tech market for investors.

Read Full Article

like

25 Likes

source image

Medium

1M

read

217

img
dot

Image Credit: Medium

“I Use End-to-End Encryption, They Can’t See My Messages”

  • End-to-end encryption (E2EE) ensures that messages are scrambled before leaving your phone and can only be read by the intended recipient upon decryption.
  • Metadata information collected by WhatsApp, such as communication patterns, is not encrypted and could be accessed or shared.
  • Encryption cannot safeguard against social engineering attacks or instances where individuals are tricked into revealing sensitive information.
  • While E2EE protects message content, metadata like communication details can still provide insights into user behavior and contacts.

Read Full Article

like

13 Likes

source image

The Verge

1M

read

349

img
dot

Image Credit: The Verge

LexisNexis leaked social security numbers and other personal data of over 364,000 people

  • LexisNexis Risk Solutions suffered a breach exposing personal data of over 364,000 people including names, Social Security numbers, and more.
  • The breach was discovered on April 1st, 2025, where an unauthorized third party accessed the data through a third-party software development platform.
  • Data was obtained through LexisNexis' GitHub account, and the company is in the process of notifying affected individuals.
  • Efforts to regulate data brokers like LexisNexis have faced setbacks, including the pause in rulemaking by the former Treasury Secretary and bills aimed at restricting data broker activities.

Read Full Article

like

21 Likes

source image

Dev

1M

read

28

img
dot

Image Credit: Dev

🚜 Code Like It Matters: A Guide to Secure Coding (from someone who broke it before fixing it)

  • Security in coding is crucial to prevent vulnerabilities like SQL injection, XSS, and buffer overflows due to sloppy coding.
  • Key principles of secure coding include validating all input, escaping output to prevent XSS, using prepared statements for DB queries, hashing passwords securely, avoiding rolling your own crypto, keeping secrets out of code, and updating dependencies regularly.
  • A personal story highlights the consequences of leaving debug mode on in production, emphasizing the importance of thorough checks in configurations.
  • Tools like SonarQube, OWASP ZAP, GitHub Advanced Security, and Semgrep aid in maintaining clean and secure code by detecting issues early on.

Read Full Article

like

1 Like

source image

Siliconangle

1M

read

412

img
dot

Image Credit: Siliconangle

Identity security automation startup Cerby raises $40M

  • Identity security automation startup Cerby has raised $40 million in a Series B funding round led by DTCP Capital.
  • Cerby automates the management of nonstandard and disconnected applications, helping enterprises secure software-as-a-service portfolios and other disconnected systems.
  • The platform provides automation approaches for modern identity controls, extending protection to applications outside the reach of traditional tools.
  • Cerby's customers include Fortune 100 companies like L’Oréal, Fox Corp., Colgate-Palmolive, Dentsu Inc., and Chime Financial.

Read Full Article

like

24 Likes

source image

Tech Radar

1M

read

444

img
dot

Image Credit: Tech Radar

Top math software and services platform still offline following ransomware attack

  • MathWorks, a math software developer, confirmed being hit by a ransomware attack affecting its IT systems.
  • The company is slowly bringing its systems back online with the help of cybersecurity experts.
  • Certain online applications like MATLAB Answers and Cloud Center have been restored for existing users.
  • No threat actors have claimed responsibility yet, and negotiations with attackers might be ongoing.

Read Full Article

like

26 Likes

source image

Pymnts

1M

read

430

img
dot

Image Credit: Pymnts

UK Fraud Cases Jump 12% as Criminals Find New Scams

  • Fraud reports in the United Kingdom rose by 12% in 2024 compared to the previous year.
  • Last year, there were 3.3 million reported cases of fraud in the U.K., marking the highest number in UK Finance's comparable data.
  • The dollar amount of reported fraud remained relatively stable at 1.17 billion pounds, indicating a reduction in the average loss per case.
  • Unauthorized fraud and authorized push payment (APP) fraud are among the prevalent scams, prompting increased industry efforts to combat these criminal activities.

Read Full Article

like

25 Likes

source image

Tech Radar

1M

read

40

img
dot

Image Credit: Tech Radar

Russia-linked hackers are attacking small businesses using fake Microsoft Entra pages

  • Russian hackers, linked to the Russo-Ukrainian conflict, have been launching aggressive attacks on small businesses by using fake Microsoft Entra login pages.
  • The attackers, specifically known as Void Blizzard, aimed to gather intelligence from organizations in critical sectors like government, defense, transportation, media, NGO, and healthcare.
  • Void Blizzard shifted from buying login credentials to creating spoofed Entra pages, targeting mostly small and medium-sized businesses in Ukraine and NATO member states.
  • Microsoft identified the campaign as part of Russia's wider war on Ukraine, with shared espionage interests among other Russian state actors targeting NATO member states and Ukraine.

Read Full Article

like

2 Likes

source image

TechDigest

1M

read

412

img
dot

Image Credit: TechDigest

NHS trusts hit by cyber attack, patient data feared stolen

  • NHS trusts in the UK have experienced a cyberattack leading to concerns about patient data being stolen.
  • University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were affected by a software vulnerability.
  • The cyberattack exploited a vulnerability in Ivanti Endpoint Manager Mobile software, potentially exposing patient records and sensitive information.
  • Hackers with an IP address based in China were identified. NHS England and cybersecurity partners are investigating the incident.

Read Full Article

like

24 Likes

source image

Secureerpinc

1M

read

40

img
dot

Image Credit: Secureerpinc

Understanding Malware: Types and Prevention

  • Malware attacks can threaten businesses of all sizes, leading to costly damage and recovery.
  • Proactive steps such as developing clear security policies, investing in training, and using multi-factor authentication can reduce the risk of malware infections.
  • Installing anti-malware tools and spam filters, changing default settings, and performing regular vulnerability assessments are essential for maintaining cybersecurity.
  • Layering malware defenses and staying vigilant can help businesses mitigate the impact of cyber attacks and protect their sensitive data.

Read Full Article

like

2 Likes

source image

Neuways

1M

read

336

img
dot

Image Credit: Neuways

Out of office? Your cyber security shouldn’t be 

  • Before heading off on your summer break, ensure your personal and work devices are updated with the latest security patches and have antivirus protection active.
  • Use unique passwords and enable Multi-Factor Authentication (MFA) to safeguard your accounts, especially during the holiday season when cyber-attacks are common.
  • Avoid using public Wi-Fi and utilize a trusted VPN to encrypt your connection when accessing work systems remotely.
  • Additional tips for business travelers include carrying a power bank, securing devices in public places, and using privacy screens to prevent unauthorized access to sensitive information.

Read Full Article

like

20 Likes

source image

Dev

1M

read

381

img
dot

Image Credit: Dev

5 Prompts That Make Any AI App More Secure

  • AI platforms often overlook basic security measures, leaving applications vulnerable to attacks.
  • Five copy-paste prompts provided for enhancing security in AI-generated applications.
  • Prompts cover input sanitization, proper authentication, access control, secure data storage, and API security.
  • These prompts aim to prevent a wide range of security risks and vulnerabilities, making AI apps more secure.

Read Full Article

like

22 Likes

source image

Pymnts

1M

read

49

img
dot

Image Credit: Pymnts

Cerby Raises $40 Million to Expand Identity Security Automation Platform

  • Cerby raises $40 million in a Series B funding round to expand its identity security automation platform.
  • The funding will be used to enhance the Cerby Application Network, invest in artificial intelligence capabilities, make the platform extensible, innovate its solution suite, and scale operations in North America and EMEA.
  • Cerby's platform automates the full identity lifecycle for various applications, including credentials, authentication, lifecycle management, and privileged access.
  • DTCP, leading the funding round, stated that Cerby offers proven solutions and a unique platform, aiming to transform the identity security industry.

Read Full Article

like

3 Likes

source image

Tech Radar

1M

read

68

img
dot

Image Credit: Tech Radar

Misconfigured Docker instances are being hacked to mine cryptocurrency

  • Hackers are using misconfigured Docker API instances to build a botnet for mining the Dero cryptocurrency.
  • Security researchers discovered a 'container zombie outbreak' originating from exposed Docker APIs, leading to compromised and new containers used for cryptocurrency mining and propagation.
  • The attack involves malware disguised as 'nginx' that scans for vulnerable instances, infects them, creates new malicious containers, and forces existing ones to mine Dero, all autonomously.
  • Users of Docker are advised to secure their API settings, fortify login credentials, and conduct regular security audits to prevent such attacks.

Read Full Article

like

4 Likes

For uninterrupted reading, download the app